From: Shivani Bhardwaj
Date: Thu, 4 Jun 2026 04:35:47 +0000 (+0530)
Subject: flowbits: add test for toggle for 7 and 8
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;p=thirdparty%2Fsuricata-verify.git
flowbits: add test for toggle for 7 and 8
---
diff --git a/tests/flowbits-toggle-pre-9/test.rules b/tests/flowbits-toggle-pre-9/test.rules
new file mode 100644
index 000000000..4d904c6d2
--- /dev/null
+++ b/tests/flowbits-toggle-pre-9/test.rules
@@ -0,0 +1,10 @@
+alert tcp any any -> any any (flow:to_client; content:"HTTP"; flowbits:toggle,rare; flowbits:toggle,common; sid:11;)
+alert tcp any any -> any any (dsize:10; flowbits:set,never; flowbits:toggle,common; sid:12;)
+alert tcp any any -> any any (flowbits:isset,never; sid:21;)
+alert tcp any any -> any any (flowbits:isset,common; dsize:259; sid:22;)
+alert tcp any any -> any any (flowbits:isset,never; dsize:10; sid:23;)
+alert tcp any any -> any any (flowbits:isset,rare; dsize:11; sid:24;)
+alert tcp any any -> any any (flowbits:isset,rare; ack:3308437468; sid:25;)
+alert tcp any any -> any any (priority:10; dsize:11; sid:31;)
+alert tcp any any -> any any (priority:10; dsize:10; sid:32;)
+alert tcp any any -> any any (priority:10; ack:3308437468; sid:33;)
diff --git a/tests/flowbits-toggle-pre-9/test.yaml b/tests/flowbits-toggle-pre-9/test.yaml
new file mode 100644
index 000000000..37bfbbd87
--- /dev/null
+++ b/tests/flowbits-toggle-pre-9/test.yaml
@@ -0,0 +1,22 @@
+requires:
+ lt-version: 9
+
+pcap: ../flowbit-oring/input.pcap
+
+args:
+ - -k none
+ - --simulate-ips
+
+checks:
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ pcap_cnt: 6
+ alert.signature_id: 11
+- filter:
+ count: 1
+ match:
+ event_type: alert
+ pcap_cnt: 6
+ alert.signature_id: 22
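Review bot: tests/flowbits-toggle-pre-9/test.rules has no comment saying what the three sid groups are for, and none of the rules carries a `msg`, so a failing check gives the reader only a number. From the rule bodies it looks as if sids 11 and 12 change flowbit state, sids 21 to 25 read it back with `isset`, and sids 31 to 33 touch no flowbit and differ only by `priority:10`. A header such as `# 1x: set/toggle bits; 2x: isset readers; 3x: priority-only rules, no flowbits (confirm intent)` would record that. The fixed values `dsize:259` and `ack:3308437468` are presumably tied to packets in ../flowbit-oring/input.pcap, which is worth stating next to the rules that use them.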
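Review bot: The checks in tests/flowbits-toggle-pre-9/test.yaml pin only sids 11 and 22 at `pcap_cnt: 6`, so the test still passes if a toggle leaves `rare`, `common` or `never` in the wrong state and sids 21, 23, 24 or 25 alert when they should not. A detection regression of that kind is what a toggle test should catch, so each remaining sid deserves its own filter, with `count: 0` for the ones expected to stay silent. Both existing filters are also scoped to packet 6, so extra alerts for sid 11 or 22 elsewhere in the pcap go unnoticed; a filter without `pcap_cnt` would cover that. The count in the sketch below is a placeholder, and the real values should be taken from a verified run on 7 and 8.

```yaml
# … unchanged: requires, pcap, args, checks for sid 11 and sid 22 …
# Placeholder expectation: confirm the count against a verified run.
- filter:
    count: 0
    match:
      event_type: alert
      alert.signature_id: 21
# … one filter per remaining sid (12, 23, 24, 25, 31, 32, 33) …
```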